package com.ayu.product.config;



import com.ayu.product.filter.JwtVerifyFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * @Author: 徐林玉//作者及
 * @Date: 2021/9/26//完成日期
 * @Description: //
 * @Version: v0.0.1 // 版本信息
 * @Function List: // 主要函数及其功能
 * @Others: // 其它内容的说明
 * @History: // 历史修改记录
 **/

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{

	@Autowired
	private RsaKeyProperties rsaKeyProperties;



	/**
	 * SpringSecurity配置信息
	 * @param http
	 * @throws Exception
	 */
	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.csrf()
				.disable()
				.authorizeRequests()
				.antMatchers("/product").hasAnyRole("USER")
				.anyRequest()
				.authenticated()
				.and()
				.addFilter(new JwtVerifyFilter(super.authenticationManager(), rsaKeyProperties))
				.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

	}
}